Step by Step : Create a 20 euros 20 euros payment on demo MID BNP_DEMO_AXEPTA.
More details : 3DS 2.0 Integration Methods
Use-case
- Payment experience : Redirection
- Cutomization : no customization
- Payment methods : CB / Visa / Mastercard
- Payment feature : One-shot payment
- Reconciliation data : RefNr & TransID
Create a 20 euros payment
This example is based on the test shop BNP_DEMO_AXEPTA, only credit card payments are setup on this shop.
Calculate the HMAC value
The HMAC value is obtained by ciphering the string PayID*TransID*MerchantID*Status*Code with the HMAC key of your shop.
Example with BNP_DEMO_AXEPTA
- PayID*TransID*MerchantID*Amount*Currency → *1*BNP_DEMO_AXEPTA*20*EUR
- HMAC value → FCCF8F2BEDC06E7C3C270B0D4DC4CEE9640E4B4A5577763C2E3CDDFC84913D56
Calculate the DATA and Len values
The DATA parameter is obtained by ciphering all the parameters required for the payment with the blowfish key of your shop.
All parameters are assembled in a character string and separated by the character &.
At least, a request payment should contain the following parameters :
MerchantID=value&MsgVer=value&TransID=value&RefNr&Amount=value&Currency=value&URLNotify=value&URLSuccess=value&URLFailure=value&MAC=value&OrderDesc=value
Example with BNP_DEMO_AXEPTA
- Required parameters with the values
- MerchantID=BNP_DEMO_AXEPTA&MsgVer=2.0&TransID=1&RefNr=0000000AB123&Amount=20&Currency=EUR&URLNotify=https://axepta.bnpparibas/&URLSuccess=https://axepta.bnpparibas/&URLFailure=https://group.bnpparibas&MAC=FCCF8F2BEDC06E7C3C270B0D4DC4CEE9640E4B4A5577763C2E3CDDFC84913D56&OrderDesc=Test:0000
- If you use BNP_DEMO_AXEPTA you have to use "OrderDesc=Test:0000" but this is not mandatory with your own MID
- Encryption with the BNP_DEMO_AXEPTA blowfish key
- DATA = 43AD07F58FF6A5F9EBBDD42E361D2C85CE4AD41FCD63C697C9CA59076FB5CB782237A2E862A97BB24D949911BB701D698DFED6901F1BCB92404F53B8F5336525167AC5B8A9B89C5F3D80BA112B99F32627CEA3CC11C6705870841F76DFEC778FC6632D6C88F6D35C58A124D532ECE1B7BC175FA340BD0C73C33D4F7837442009D914600CCA004DF475C31063C5E418325123C7BB6AC2A8BA16DFAB4FA44BAB6183B05F39EE3590B5BE79E5C7B23B2C14386AE7FCD0FD6C58D20FA4502023E24CE1F4882D87F1FC3E367EC88EEEFB052D26756376200D7765ADE87154E8F2AA12B9D057E93BDAF3AF07CDF662A4BE580896060EDD3EB8678245BB6FA2F134676205C5F12BD21820A2ABA0E4B4AC8A33F174B8C83BE2C4E495F53AA564EF053474A5EF33192ADD9A81
- LEN = 289
Finalize the request
A correct parameter character string for Platform contains three basic parameters: MerchantID, Len and Data.
The parameters MerchantID and Len are unencrypted. Only the Data parameter is Blowfish-encrypted such as :
MerchantID=YourMerchantID&Len=67&Data=0A67FE96a65d384350F50FF1
They are added to the endpoint to create the GET request
https://paymentpage.axepta.bnpparibas/payssl.aspx?MerchantID=YourMerchantID&Len=67&Data=0A67FE96a65d384350F50FF1
The Data parameter contains the sensitive payment details such as amount and currency. The encrypted bytes are Hex-encoded and completed to two characters from the left with a zero. Encryption is via Blowfish ECB and is available to you as source-code and components.
The Len parameter is very important for encryption because it contains the length of the unencrypted(!) character string in the Data parameter. Since the data quantity to be encrypted is increased by a multiple of 8 in the case of the Blowfish encryption, the correct length of the character string must be known for decryption. Otherwise accidental characters emerge at the end of the character string.
The parameters are transmitted via HTTPS POST or HTTPS GET. The recommended transmit method is HTTPS POST because the parameter character string in the case of GET is attached to the URL, which is limited to 2048 bytes depending on the browser.
Notice: Please note that the maximum length of a payment request is limited to 5120 characters. If you require longer strings please contact Axepta Helpdesk.
Example with BNP_DEMO_AXEPTA